Microsoft Defender for Endpoint Reviews

Name: Microsoft Defender for Endpoint
Brand: Microsoft
Rating: 4 (186 reviews)

Vendor: Microsoft

4.0 out of 5

186 reviews
94% willing to recommend

4,266 followers

Post review

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

Get the Microsoft Defender for Endpoint Buyer's Guide and find out what your peers are saying about Microsoft Defender for Endpoint, Microsoft Intune, CrowdStrike Falcon and more!

Microsoft Defender for Endpoint is the #1 ranked solution in endpoint security software, #1 ranked solution in top Anti-Malware Tools, #2 ranked solution in top Advanced Threat Protection (ATP) solutions, #2 ranked solution in EDR tools, and #6 ranked solution in top Microsoft Security Suite solutions. PeerSpot users give Microsoft Defender for Endpoint an average rating of 8.0 out of 10. Based on the analysis of the 186 most recent Microsoft Defender for Endpoint reviews, the overall sentiment is positive, with a sentiment score of 7.3. (Among the lowest in the category). Microsoft Defender for Endpoint is most commonly compared to Microsoft Intune: Microsoft Defender for Endpoint vs Microsoft Intune. Microsoft Defender for Endpoint is popular among the large enterprise segment, accounting for 42% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a educational organization, accounting for 26% of all views.

Buyer's Guide

Microsoft Defender for Endpoint

October 2024

Get the report

Helped 814,528 peers since 2012

Featured reviews

Sudhen Swami

Senior Enterprise Architect at MTVH

We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.

Read full review

Joseph Abakar Yougouda

Conseiller Expert en Architecture de sécurité at a tech services company with 1,001-5,000 employees

Microsoft Defender for Endpoint is different from other security tools because we can configure it to use multiple types of scanning or archiving. Microsoft Defender is an important tool for our security arsenal. We can also use the solution to perform many tasks. Integrating Microsoft Defender for Endpoint with other Microsoft solutions is easy as long as the organization has a proper implementation process. The devices and materials need to be organized and connected in a way that is efficient for the organization, and the implementation process must be considered. Our integrated solutions work natively together with Microsoft Defender for Endpoint to deliver coordinated detection and response across our environment which is very important.

Read full review

Naman Verma.

Security Delivery Specialist at Accenture

It’s included with the Microsoft licensing, so we don't need multiple licenses. Microsoft is very effective in device control. If there is malware that is coming in, It is very quick to remove it. It doesn't let it gain a footprint on your drive, so that prevents further damage from happening to the endpoint. This solution helps us prioritize threats across our enterprise. When we are looking at our current scenario, post-COVID, most of the employees of the clients that we are dealing with are remote. When it comes to remote, you can make sure that they're logging in to VPN, however, most of their time is online and we need a product that is actively protecting them even if a user is not on a VPN or a company network. This product integrates very well with Windows due to the fact that it's a Microsoft product. It's giving users the protection that they need while ensuring businesses don’t have to spend extra on licenses. We are using other Microsoft products. Including CASB integrated with our endpoint. We’re also using Azure, for example, and Microsoft Defender for Cloud as well as Sentinel (although a different team manages it). We have seen a very hybrid kind of environment with one of our clients where they were using an on-prem solution throughout, and they were aiming to move to the cloud. It becomes very easy to integrate everything and move most of their infrastructure to the cloud. It does take time and effort, however, with everything integrated, you can get it done. Microsoft solutions also work natively together. That’s a big strength. Everything communicates seamlessly. We have very good visibility on our endpoints. The level of information it throws back is helpful. How long it takes to see the level of benefits will depend on the deployment. Our deployment took two months for one client. Within a month’s time, they started seeing the benefits. We had a substantial number of endpoints to roll out, however, we began to note benefits pretty fast. Microsoft Defender for Endpoint helps automate the finding of high-value alerts. It still needs to mature a little bit. Overall, we are seeing very security-intensive products and Microsoft still has a lot to learn. It helped eliminate having to worry about multiple dashboards. Now, we have one single dashboard where our team takes care of everything. That has been very helpful. It makes the team focus on one single product. That helps prepare us for potential threats before they hit. We get fairly decent visibility into what's happening. Since we have one single dashboard that is giving us all the information, it becomes very easy for the team to react to incidents as well. Overall, the solution has saved time. Previously, while we were doing deployment, most of our time was spent figuring out how to handle the products that are not natively from Microsoft. We had to figure out how we could integrate to get the most out of our products. Now, with Microsoft, we have all the integrations present in one place. On average, we’ve likely saved nine to 12 hours weekly just by having one single Microsoft dashboard. We’ve saved money, too. Considering it comes under one existing license, we don’t have to spend money separately or buy another license to get all the features we need. The solution decreased our time to detection and time to respond. Our turnaround is better. From the moment we receive an alert to the moment we close the case, we’ve seen a reduction of 18% to 20% overall.

Read full review

Microsoft Defender for Endpoint mindshare

Product category:

As of November 2024, the mindshare of Microsoft Defender for Endpoint in the Endpoint Protection Platform (EPP) category stands at 12.1%, down from 16.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP)

Key learnings from peers

Last updated Oct 31, 2024

Valuable Features

Microsoft Defender for Endpoint is valued for its seamless integration with Microsoft products, ease of use, and minimal system impact. Users appreciate its real-time malware detection, threat intelligence, and automated updates. The platform's centralized management and comprehensive visibility into threats enhance security posture. It offers strong protection against ransomware and malware, with features like Advanced Threat Protection and detailed reporting. Its integration with Azure Sentinel and Microsoft 365 further strengthens security coordination.

"Investigators can trace back to find the root cause."
"You can query and access useful information from logs and events, which is powerful and efficient."
"Updates and upgrades are quite smooth and seamless."

Room for Improvement

Microsoft Defender for Endpoint's customer service is difficult to contact and could be more responsive. It lacks some features like game mode, web filtering, and integration with non-Windows platforms. Users find the interface complex and the system resource-heavy. Some feel it lags in malware detection and needs better automation. The dashboard isn't intuitive, and pricing could be more competitive, especially considering licensing challenges. Integration with third-party tools and comprehensive threat intelligence requires improvement.

"It seems there are challenges associated with IP addresses at times."
"Sometimes, there are difficulties in downloading a file considered as malicious."
"We'd like to see integrations with more vulnerability scanning solutions like Tenable."

ROI

Many users have noted a return on investment with Microsoft Defender for Endpoint. Although some find it challenging to quantify exact savings, many have experienced significant reductions in costs, especially by eliminating third-party solutions. The integration within Microsoft's ecosystem and its ability to streamline operations have been beneficial. Clients have reported saving thousands to millions due to advanced threat protection features. While some still anticipate future returns, overall satisfaction is high among users.

Pricing

Enterprise users report mixed experiences with Microsoft Defender for Endpoint pricing. Many note it's bundled with Windows or Office 365, often offering cost savings compared to separate solutions. However, some mention additional costs for advanced features, like EDR, and find standalone pricing high. Licensing options vary from monthly to yearly, with discounts available under bundle or enterprise agreements. Overall, while often competitive, costs can be significant depending on chosen features and licensing models.

"The price for Microsoft Defender for Endpoint is about three euros, which is considered reasonably priced."
"I recently switched from education to private business, and all I can say is that private business licensing from Microsoft is not cheap until you hit certain quantities or scale. That does not mean that it is not comparable to other industries. It is similar pricing, but it is still crazy to me how much you pay for a client. I feel it is high, but it is in line with other vendors."
"Microsoft Defender for Endpoint is an expensive solution."

Popular Use Cases

Microsoft Defender for Endpoint is primarily used for protecting against malware, viruses, and ransomware. It serves as an antivirus and is integrated for system security. Organizations use it for endpoint detection, threat prevention, and response. It offers protection for personal and business devices, including Windows, Mac, and mobile platforms. It also supports vulnerability management and mitigating phishing attempts, ensuring comprehensive system and data protection across various environments and cloud platforms.

Service and Support

Many users report not needing technical support for Microsoft Defender for Endpoint, finding it efficient and user-friendly. Others describe support as generally good, with quick responses, though some mention delays and mixed quality depending on the support engineer. Premium support receives favorable feedback. Some leverage online resources to troubleshoot, reflecting a self-sufficient approach. Overall impressions reveal varying experiences, with some rating it highly and others noting areas for improvement in response times and service consistency.

Deployment

Microsoft Defender for Endpoint's initial setup is generally easy and straightforward, often integrated with Windows operating systems. Users report varied experiences, with many finding the setup seamless due to its pre-installation, requiring minimal configuration. Some mention challenges with more complex environments, especially involving integration with other tools and systems. Most agree that once setup is understood, it becomes manageable, often taking mere minutes to deploy, while others find benefit from extensive documentation and user guides available.

Scalability

Microsoft Defender for Endpoint is largely regarded as highly scalable, adapting seamlessly across varied organizational sizes and needs, often managed through the cloud. It efficiently supports users from small to vast setups, and licensing typically facilitates scalability. While some users note areas for enhanced customization and management, most report no significant issues with expanding usage, whether deploying to thousands of endpoints or accommodating growing user bases. Many highlight its integration diversity and flexible expansion capabilities.

Stability

Microsoft Defender for Endpoint exhibits commendable stability with minimal issues reported. Users highlight its reliability, integration with Windows, and efficient resource usage. Some encountered minor glitches or issues during updates, mainly on non-Windows platforms or due to specific configurations. Occasional performance concerns due to heavy resource demands are mentioned. The frequent updates enhance functionality but may introduce temporary bugs. Despite minor hurdles, the consensus is that Microsoft's offering is stable and scales well within organizations.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Microsoft Defender for Endpoint Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Educational Organization

26%

Computer Software Company

12%

Government

Financial Services Firm

Manufacturing Company

Retailer

University

Comms Service Provider

Healthcare Company

Energy/Utilities Company

Construction Company

Insurance Company

Real Estate/Law Firm

Legal Firm

Non Profit

Media Company

Wholesaler/Distributor

Hospitality Company

Performing Arts

Outsourcing Company

Transportation Company

Recreational Facilities/Services Company

Logistics Company

Pharma/Biotech Company

Aerospace/Defense Firm

Consumer Goods Company

Compare Microsoft Defender for Endpoint with alternative products

Learn more about Microsoft Defender for Endpoint

With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

Microsoft Defender for Endpoint was previously known as Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus.